It is important for organizations that require a greater level of security for inbound and outbound email traffic to understand the benefits of using Transport Layer Security (TLS) protocol.

What is TLS Encryption?

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. Compared to SSL, TLS has the advantage of applying nearly the same level of security without the need for a dedicated TCP port.
– Implementation is inexpensive and simple
– Doesn’t require any end user training, awareness, or changes to the desktop
– Works with self-signed (free) certificates
– When paired with a certificate issued by a trusted certificate authority, TLS can be used to verify the identity of the remote email gateway
– TLS adoption is high compared with other encryption methods.
– TLS doesn’t inhibit the email gateway’s ability to protect against spam, virus, and content policy violations
– Only encrypts the message while in transit, not sender-to-recipient
– Cannot establish the identity of the sender, just the sender’s gateway.

How does opportunistic TLS Encryption work?
When establishing inbound and outbound SMTP connections, mail servers attempt to invoke TLS. This applies to connections between the service and its customers and to connections between the service and non-customers. If the administrator of the remote host has implemented TLS, regardless of whether the certificate used to facilitate the encryption is self-signed, the message content will be transferred encrypted. If the remote host has not implemented TLS, the service will still deliver the message but without the benefit of encryption. No configuration is necessary to enable this feature. The benefit of opportunistic TLS is that it works autonomously whenever possible to encrypt email, removing all ongoing management overhead.

What is Enforced TLS Encryption?
Enforced TLS provides customers that have strict compliance needs with a way to guarantee that messages to specific business partners on a per domain basis are always sent or received encrypted. Messages to and from Enforced TLS domains that cannot be sent encrypted fail to be delivered to avoid exposure of the email content in plain text format on the internet. Customers can also use Enforced TLS to ensure that all email flowing between the customer and the service are transferred securely. The feature also allows customers to require that certificates are issued by a trusted certificate authority, helping to make man-in-the-middle attacks less likely to succeed.

Enforcing TLS has a number of benefits. First, it makes it more difficult for third parties to read email in transit. Also, when TLS is implemented with certificates issued by trusted certificate authorities instead of self-signed certificates, it can be used to establish the identity of the sending host. Additionally, TLS is transparent to end users, easy to administer, and there is no cost to implement TLS with self-signed certificates. In the end, using TLS allows businesses to easily build secure email networks and increase the prevalence of sender identifiable email on the internet.